Application Security Manager - Harrah's Corporate Las Vegas
Vacancy has expired
Job Ref: 483888
Employer: Caesars Entertainment
Industry: Security / Surveillance; Casino / Gaming
Job Type: Full Time
Career Level: -
Degree Level: Bachelor's Degree
Country: United States
State/Province: Nevada
City: Las Vegas
Address:
Salary: Inquire
Post Date: 02/20/2012 03:28 AM
ESSENTIAL JOB FUNCTIONS

Position Statement: The Application & Data Security Manager for Caesars is responsible for implementing and managing the Data & Digital Security (DDS) program and strategy at a tactical and operational level (network, infrastructure, applications and databases) to ensure that security controls are functioning efficiently and effectively, specifically in the areas of application and database security logging, monitoring, alert management, incident handling, and vulnerability and configuration management. This position also supports the DDS Team in security research and development, product evaluations, consulting, project support, and any other operational tasks needed to support the overall requirements of the program and strategy. The Application & Data Security Manager provides technical expertise to establish and implement security-related standards, procedures, and guidelines appropriate to securing the existing environment in partnership with various properties and Information Technology. He/She must act as an active advisor to the IT Department (Infrastructure & Application Development Teams), properties, and business units and be able to offer solutions to new risks and threats. The optimal goal is to design and implement controls and processes, risk mitigation techniques, and standardized information security solutions that will allow a sensible balance between risks and business operations.
More specifically, the Application & Data Security Manager is responsible for:

Application and Data Security Management
• Developing, enforcing, and managing security processes and/or methodologies to: (1) integrate security requirements within applications and databases; and (2) monitor security settings within applications and databases
• Developing, enforcing, and managing security requirements as part of the Company's application and system development lifecycle
• Developing, enforcing, and managing security policies, standards, procedures, and guidelines that will assist the application development teams in integrating security requirements within their applications and databases
• Acting as the main subject matter expert and advisor to the properties, business units and application development teams and offering solutions to new risks and threats
• Developing and managing detailed security reviews and assessments and security exposure analysis of business applications and databases: (1) assessing potential damage of security flaws and assisting in the implementation of corrective actions; (2) identifying, documenting, and reporting security issues and concerns to management; and (3) monitoring corrective actions and recommending cost-effective preventive measures to preclude recurrences
• Contributing to the technical understanding and promotion of new and existing information security standards, solutions and tools with respect to applications (Web-based, Legacy, etc.) and databases
• Providing understanding of application security and software quality assurance and influencing application development teams (as well as properties and business units) in integrating security at the design and development phase
• Providing clear and concise recommendations and guidance in written and verbal form to both business and technology personnel
• Evaluating and participating in outsourcing initiatives and/or third-party processing, in particular those providing services in application development and maintenance
• Participating in application analysis and design sessions with the application teams
• Assisting the Technical Architecture Group in establishing a security infrastructure for the business units and their applications/databases
• Designing, implementing and managing an application security operations lab to perform all required application and data security assessments, reviews, testing, etc., including evaluating, selecting, deploying and managing code scanning and review tools such as AppScan, Hailstorm, Web Inspect, Imperva, etc.
• Performing code and security settings reviews of applications and databases using best-of-breed solutions such as AppScan, Web Inspect, Imperva, etc.
• Partnering with the Security Operations Manager and the Risk and Compliance Team to build an integrated end-to-end security risk and compliance framework to protect the Company's information assets and supporting resources

Risk, Compliance & Policy Management
• Managing the technical aspect of various audits, PCI, assessments, etc. to ensure that all outstanding findings and gaps are resolved by the various properties and IT; signing off on final remediation; this activity is executed in close collaboration with the Risk & Compliance Lead

Research & Development
• Providing technical briefings to the CISO and other key stakeholders such as the CTO on current security issues; contributing to the technical understanding and promotion of new and existing information security standards, solutions and tools; serving as a technical communication channel to the CISO
• Providing R&D and consulting support to the DDS team, IT and business projects as needed

Documentation, Reporting & Analytics
• Contributing to the design and implementation of an operational reporting framework that will provide regular metrics and statistics about our business and IT environment; analyzing trends in security events, activities, etc. to better understand risks, insufficiencies in our solutions, staffing shortages, etc.; reporting security metrics and statistics to the CISO and other key stakeholders such as the CTO
• Documenting and following up on security exceptions relating to IT and property activities that could negatively impact security risks and/or not adhere to established policies, standards, or procedures
• Managing all SOC requirements with regard to application and data security metrics and ensuring that metrics are gathered on a daily basis
• Managing all application and data security metrics for the quarterly CISO dashboard and other reporting requirements

General Management
• Providing training and advice to junior application security staff and/or other non-security professionals (e.g., IT, properties)
• Managing security technical staff, both direct reports and "virtual" Subject Matter Experts (SMEs) in various groups
• Coordinating projects with the IT and property teams and for projects internal to DDS
• Managing and coaching current direct reports to ensure they perform at the highest level of quality and are able to achieve current goals
• Assisting with general administrative activities in collaboration with all team members
• Managing vendors' activities and relationships
• Preparing project plans and associated documentation; preparing status reports and other management metrics as needed
• Self-managing career in security by leveraging available courses in-house and courses offered externally; preparing a career plan for short-term and longer-term performance management
KNOWLEDGE AND EXPERIENCE

7-10 years work experience in application development, database, and application/database security required. Proficient with Excel, VBA automation, and/or management tools such as Microsoft Project/Project Server. Min 7 years with software penetration testing, secure code review, architectural risk assessment, and/or static code analysis; C, C++, JavaScript, and/or Java, .NET development. Requires knowledge of operating systems, relational database architecture, client/server technology, business data processing, database analysis and design theory skills, transaction processing systems, wide and local area networks, communications protocols, industry standards and FCC regulations, and various types of computer terminal equipment. Strong analytical skills, problem solving skills and project management skills. Extensive training in engineering disciplines including application and data security, systems programming, systems design, computer technology and software disciplines. Hands-on experience with secure software development and analysis a must.
EDUCATION

Bachelor's degree or equivalent business experience in Computer Science, Database Administration, MIS or Electrical Engineering required. Ethical hacking certification required as well as certified training in application security solutions and practices. CISSP, CISA, CISM, GSEC, or related certification(s) required.